Critical Takeover Vulnerability Discovered in Juniper PTX Routers


Juniper Issues Urgent Advisory to Customers on Firewall Vulnerability


Juniper Networks has alerted its customers to a critical vulnerability affecting the PTX Series routers, which could grant unauthorized actors root-level privileges, enabling them to execute arbitrary code. This flaw, tracked as CVE-2026-21902 with a CVSS score of 9.3, is tied to an improper permission assignment in Junos OS Evolved, particularly within the On-Box Anomaly Detection framework designed for internal monitoring.

Discovered by researchers at watchTowr, the vulnerability was publicly detailed in an advisory released on a recent Tuesday. Until a patch is available, Juniper has recommended that customers restrict access to the affected service by filtering traffic with access control lists or firewalls.

Because the service runs with root privileges by default, successful exploitation would give an attacker complete control of an affected device without any authentication. Technical analyses indicate that the framework is not meant to be reachable from outside the device in standard deployments; a misconfiguration, however, can expose it.
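As an added illustration of the interim ACL mitigation described above and of closing off the exposure a misconfiguration creates, the following Junos loopback filter limits routing-engine access to the anomaly-detection listener to a management prefix and logs and drops everything else. This is example configuration written for this article, not configuration from Juniper's advisory or from watchTowr; the prefix 192.0.2.0/24 is an assumption, and PORT-PLACEHOLDER stands for the service's port, which the article does not state and which must be taken from the vendor advisory.

```junos
firewall {
    family inet {
        filter protect-re {
            /* Assumed management prefix: replace with your NOC or jump-host range. */
            term allow-anomaly-detection-from-mgmt {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    /* PORT-PLACEHOLDER: the service port from the vendor advisory. */
                    destination-port PORT-PLACEHOLDER;
                }
                then accept;
            }
            /* Any other source aimed at the service is counted, logged and discarded. */
            term deny-anomaly-detection {
                from {
                    protocol tcp;
                    destination-port PORT-PLACEHOLDER;
                }
                then {
                    count anomaly-detection-denied;
                    log;
                    syslog;
                    discard;
                }
            }
            /* Leave all other routing-engine traffic untouched. */
            term allow-everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

A filter on lo0 applies to traffic destined for the routing engine regardless of the ingress interface, and the `anomaly-detection-denied` counter shown by `show firewall filter protect-re` gives a quick indication of whether anyone is probing the service.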

The vulnerability affects specific versions of the PTX routers, namely 25.4R1-S1-EVO and 25.4R2-EVO. While older versions may also be at risk, Juniper has reported no indication of active exploitation as of its latest security bulletin. Non-Evolved versions of Junos OS, and releases prior to 25.4R1-EVO, are not reported as affected.

Typically utilized as core and peering routers in telecommunications and data center environments, the PTX Series is crucial for managing traffic within large-scale operations. If exploited, CVE-2026-21902 could not only allow attackers to establish persistence with minimal credentials, but also manipulate and reroute traffic across organizational networks.

This incident exemplifies potential adversary tactics outlined in the MITRE ATT&CK framework, particularly under the categories of initial access and privilege escalation. Organizations are urged to remain vigilant and assess their configurations to safeguard against such vulnerabilities.
